Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3900: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3902: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3903: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3904: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
proszę o sprawdzenie loga • programosy.pl

  • Ogłoszenie:

proszę o sprawdzenie loga

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.

Proszę o sprawdzenie loga

Postprzez aszcik 18 Kwi 2007, 15:48

reklama
Mam problem prawdopodobnie z trojanem o nazwie "Virtumonde" (od reklam), który zaszył się w pamięci. Co jakiś czas wyskakują mi reklamy.

Proszę o sprawdzenie loga i pomoc.
LOG z HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:33:45, on 2007-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.millenet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{02B82410-DAA9-4008-803C-D1AEBFE26219}: NameServer = 212.33.64.2,212.33.64.18
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

aszcik
~user
 
Posty: 11
Dołączenie: 23 Mar 2006, 20:24



Postprzez prog 18 Kwi 2007, 15:59

Do kompletu daj jeszcze silentrunners i comboscan.....
C2D E8400 3GHZ + Pentagram Freezone HP-120 ALCu, Asus P5Q SE /intel P45/, A-Data 2x2GB CL4 Extreme Edition, Sapphire Radeon HD4870 512mb/256bit DDR5, WD 640GB SATA, Lite-ON Super AllWrite DVD SATA, Chieftec 500W, Samsung 2032BW Black 20', Vista Ultimate x64
Exoriare aliquis nostris ex ossibus ultor...
Awatar użytkownika
prog
~user
 
Posty: 4043
Dołączenie: 23 Mar 2005, 22:02
Miejscowość: /home/prog/
Pochwały: 232



comboscan i silentrunners

Postprzez aszcik 18 Kwi 2007, 16:11

Do kompletu daje jeszcze silentrunners i comboscan:

silentrunners:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Konnekt" = ""C:\Program Files\Konnekt\konnekt.exe" /autostart" ["Stamina"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"OutpostFeedBack" = "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup" ["Agnitum Ltd."]
"Outpost Firewall" = "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice" ["Agnitum Ltd."]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1D531771-1AD5-4F27-87A2-6980501F9703}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\vtussrp.dll" [null data]
{2FE3B60B-B485-41D2-9C9B-13C3D3AC5FC2}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\mljji.dll" [file not found]
{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\glunukwx.dll" [file not found]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{98B71D1C-91FB-44FD-B3C7-A0EC6D058AE3}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\jkkli.dll" [file not found]
{9F97EFF0-9407-45D4-BACF-DE29063F4D49}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ddcyv.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll" ["Alcohol Soft Development Team"]
"{99F3B825-BDAB-4231-8EDB-5A369C2A2F80}" = ".LLB File Viewer and Icon Handler"
-> {HKLM...CLSID} = "LabVIEW Library Files"
\InProcServer32\(Default) = "C:\Program Files\National Instruments\Shared\LabVIEW Run-Time\8.2\LVShellExt.dll" ["National Instruments"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{1D531771-1AD5-4F27-87A2-6980501F9703}" = "8h"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\vtussrp.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> ddcyv\DLLName = "C:\WINDOWS\system32\ddcyv.dll" [null data]
<<!>> jkkli\DLLName = "C:\WINDOWS\system32\jkkli.dll" [file not found]
<<!>> mljji\DLLName = "C:\WINDOWS\system32\mljji.dll" [file not found]
<<!>> vtussrp\DLLName = "vtussrp.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRecentDocsMenu" = (REG_BINARY) hex:01 00 00 00
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"DisableStatusMessages" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"SynchronousMachineGroupPolicy" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"SynchronousUserGroupPolicy" = (REG_DWORD) hex:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\adam\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


ComboScan:

ComboScan v20070306.20 run by adam on 2007-04-18 at 15:54:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
50: 2007-04-18 13:54:48 UTC - RP88 - ComboScan Restore Point
49: 2007-04-18 10:19:50 UTC - RP87 - Punkt kontrolny systemu
48: 2007-04-17 08:24:01 UTC - RP86 - Punkt kontrolny systemu
47: 2007-04-16 07:41:47 UTC - RP85 - Punkt kontrolny systemu
46: 2007-04-15 07:22:56 UTC - RP84 - Punkt kontrolny systemu


-- First Restore Point --
1: 2007-03-14 18:24:54 UTC - RP39 - Punkt kontrolny systemu


Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-04-18 15:55:11
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
D:\comboscan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.millenet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D531771-1AD5-4F27-87A2-6980501F9703} - C:\WINDOWS\system32\vtussrp.dll
O2 - BHO: (no name) - {2FE3B60B-B485-41D2-9C9B-13C3D3AC5FC2} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\glunukwx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {98B71D1C-91FB-44FD-B3C7-A0EC6D058AE3} - C:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {9F97EFF0-9407-45D4-BACF-DE29063F4D49} - C:\WINDOWS\system32\ddcyv.dll
O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{02B82410-DAA9-4008-803C-D1AEBFE26219}: NameServer = 212.33.64.2,212.33.64.18
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing)
O20 - Winlogon Notify: vtussrp - C:\WINDOWS\system32\vtussrp.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Urządzenie alarmowe (Alerter) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - C:\WINDOWS\system32\alg.exe
O23 - Service: Zarządzanie aplikacjami (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Ati HotKey Poller - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: BlueSoleil Hid Service - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Przeglądarka komputera (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa indeksowania (CiSvc) - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Aplikacja systemowa modelu COM+ (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Usługi kryptograficzne (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Program uruchamiający proces serwera DCOM (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: Klient DHCP (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Menedżer dysków logicznych (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient DNS (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService
O23 - Service: Usługa raportowania błędów (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dziennik zdarzeń (Eventlog) - C:\WINDOWS\system32\services.exe
O23 - Service: System zdarzeń COM+ (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zgodność szybkiego przełączania użytkowników (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Pomoc i obsługa techniczna (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dostęp do urządzeń interfejsu HID (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: Usługa COM nagrywania dysków CD IMAPI (ImapiService) - C:\WINDOWS\system32\imapi.exe
O23 - Service: Serwer (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Stacja robocza (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Lookout Citadel Server (LkCitadelServer) - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: Pomoc TCP/IP NetBIOS (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: MagicTuneEngine - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Machine Debug Manager (MDM) - "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
O23 - Service: Posłaniec (Messenger) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Instalator Windows (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
O23 - Service: NI Configuration Manager (mxssvr) - "C:\Program Files\National Instruments\MAX\nimxs.exe"
O23 - Service: NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: DDE sieci (NetDDE) - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE sieci (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Logowanie do sieci (Netlogon) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Połączenia sieciowe (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: National Instruments Domain Service (NIDomainService) - "C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe"
O23 - Service: NILM License Manager - "C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe"
O23 - Service: NI Service Locator (niSvcLoc) - C:\WINDOWS\system32\nisvcloc.exe -s
O23 - Service: National Instruments Variable Engine (NITaggerService) - "C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe"
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NOD32 Kernel Service (NOD32krn) - "C:\Program Files\Eset\nod32krn.exe"
O23 - Service: Usługa NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn wymienny (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: OpcEnum - C:\WINDOWS\system32\Opcenum.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service
O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
O23 - Service: Usługi IPSEC (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn chroniony (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Menedżer autopołączenia dostępu zdalnego (RasAuto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer połączeń usługi Dostęp zdalny (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer sesji pomocy pulpitu zdalnego (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing i dostęp zdalny (RemoteAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rejestr zdalny (RemoteRegistry) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - "C:\Program Files\CyberLink\Shared files\RichVideo.exe"
O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) (RpcLocator) - C:\WINDOWS\system32\locator.exe
O23 - Service: Zdalne wywoływanie procedur (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Menedżer kont zabezpieczeń (SamSs) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Karta inteligentna (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Harmonogram zadań (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Logowanie pomocnicze (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Zawiadomienie o zdarzeniu systemowym (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Serv-U FTP Server (Serv-U) - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Bufor wydruku (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Usługa przywracania systemu (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa odnajdywania SSDP (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: StarWind iSCSI Service (StarWindService) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\system32\dllhost.exe /Processid:{8017142F-3B3F-45CB-9BA6-021EA7166162}
O23 - Service: Dzienniki wydajności i alerty (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługi terminalowe (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Kompozycje (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Telnet (TlntSvr) - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Klient śledzenia łączy rozproszonych (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Host uniwersalnego urządzenia Plug and Play (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Zasilacz awaryjny (UPS) (UPS) - C:\WINDOWS\system32\ups.exe
O23 - Service: Kopiowanie woluminów w tle (VSS) - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Usługa Czas systemu Windows (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Instrumentacja zarządzania Windows (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa numeru seryjnego multimediów przenośnych (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozszerzenia sterownika Instrumentacji zarządzania Windows (Wmi) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Karta wydajności WMI (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Usługa udostępniania w sieci programu Windows Media Player (WMPNetworkSvc) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
O23 - Service: Centrum zabezpieczeń (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Aktualizacje automatyczne (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa dostarczania sieci (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R ADBLOCK.DLL (Outpost Firewall PlugIn (ADBLOCK.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\adblock.dll
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\alcxwdm.sys
2R AMON - C:\WINDOWS\system32\drivers\amon.sys
3R ARP.DLL (Outpost Firewall PlugIn (ARP.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\arp.dll
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3S ATIAVAIW (ATI T200 Unified AVStream service) - C:\WINDOWS\system32\drivers\atinavt2.sys
1R atitray - C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys
3R BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys
3R BlueletSCOAudio (Bluetooth SCO Audio Service) - C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys
3S BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys
3R Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys
3R BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\vbtenum.sys
0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys
3R Cap7134 (%Cap7134.DeviceDescProt%) - C:\WINDOWS\system32\drivers\Cap7134.sys
3S CCDECODE (Dekoder napisów) - C:\WINDOWS\system32\drivers\CCDECODE.sys
3R CONTENT.DLL (Outpost Firewall PlugIn (CONTENT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\content.dll
2R cvintdrv - C:\WINDOWS\system32\drivers\cvintdrv.sys
3R DNSCACHE.DLL (Outpost Firewall PlugIn (DNSCACHE.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\dnscache.dll
3R dtscsi - C:\WINDOWS\system32\drivers\dtscsi.sys
3R ElbyCDFL - C:\WINDOWS\system32\drivers\ElbyCDFL.sys
2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys
3R FTPFILT.DLL (Outpost Firewall PlugIn (FTPFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\ftpfilt.dll
3R HTMLFILT.DLL (Outpost Firewall PlugIn (HTMLFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\htmlfilt.dll
3R HTTPFILT.DLL (Outpost Firewall PlugIn (HTTPFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\httpfilt.dll
0R imagedrv - C:\WINDOWS\system32\drivers\imagedrv.sys
0R imagesrv - C:\WINDOWS\system32\drivers\imagesrv.sys
3R IMAPFILT.DLL (Outpost Firewall PlugIn (IMAPFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\imapfilt.dll
3R MagicTune - C:\WINDOWS\system32\drivers\MTictwl.sys
3R MAILFILT.DLL (Outpost Firewall PlugIn (MAILFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\mailfilt.dll
3S MPE (Filtr MPE BDA) - C:\WINDOWS\system32\drivers\MPE.sys
3S MSTEE (Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (Koder-dekoder NABTS/FEC VBI) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Połączenie TV/wideo firmy Microsoft) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NNTPFILT.DLL (Outpost Firewall PlugIn (NNTPFILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\nntpfilt.dll
0R nvata - C:\WINDOWS\system32\drivers\nvata.sys
3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys
3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3R PhTvTune (WDM TVTuner) - C:\WINDOWS\system32\drivers\PhTvTune.sys
3R POP3FILT.DLL (Outpost Firewall PlugIn (POP3FILT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\pop3filt.dll
3R PROTECT.DLL (Outpost Firewall PlugIn (PROTECT.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\protect.dll
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
1R SandBox (Outpost Firewall Sandbox Driver) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\SandBox.sys
3R SECRET.DLL (Outpost Firewall PlugIn (SECRET.DLL)) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\secret.dll
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Sterownik Miniport otwartego kontrolera hosta USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbscan (Sterownik skanera USB) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys
3R VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys
1R VFILT (Outpost Firewall Kernel Driver) - C:\Program Files\Agnitum\Outpost Firewall\Kernel\filtnt.sys
1R WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (Kodery-dekodery teletekstu w standardzie światowym) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
4S Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
4S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R BlueSoleil Hid Service - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R LkCitadelServer (Lookout Citadel Server) - C:\WINDOWS\system32\lkcitdl.exe
2R lkClassAds (National Instruments PSP Server Locator) - C:\WINDOWS\system32\lkads.exe
2R lkTimeSync (National Instruments Time Synchronization) - C:\WINDOWS\system32\lktsrv.exe
2R MagicTuneEngine - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
2R mxssvr (NI Configuration Manager) - "C:\Program Files\National Instruments\MAX\nimxs.exe"
3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
2R NIDomainService (National Instruments Domain Service) - "C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe"
3S NILM License Manager - "C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe"
2R niSvcLoc (NI Service Locator) - C:\WINDOWS\system32\nisvcloc.exe -s
2R NITaggerService (National Instruments Variable Engine) - "C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe"
2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
3S OpcEnum - C:\WINDOWS\system32\OpcEnum.exe
2R OutpostFirewall (Outpost Firewall Service) - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared files\RichVideo.exe"
2R Serv-U (Serv-U FTP Server) - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
2R StarWindService (StarWind iSCSI Service) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


-- Files created between 2007-03-18 and 2007-04-18 -----------------------------

2007-04-18 12:51:26 123972 --a------ C:\WINDOWS\system32\rbyqddio.dll
2007-04-17 12:51:15 123972 --a------ C:\WINDOWS\system32\bcrbejjo.dll
2007-04-16 12:51:13 123972 --a------ C:\WINDOWS\system32\clwlbkub.dll
2007-04-15 12:51:08 123972 --a------ C:\WINDOWS\system32\gainvihf.dll
2007-04-15 12:50:53 492911 ---hs---- C:\WINDOWS\system32\vycdd.bak2<VYCDD~2.BAK>
2007-04-14 12:50:41 123972 --a------ C:\WINDOWS\system32\sxxmiirw.dll
2007-04-13 17:07:09 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2007-04-13 12:50:31 486067 ---hs---- C:\WINDOWS\system32\vycdd.bak1<VYCDD~1.BAK>
2007-04-13 12:50:31 123972 --a------ C:\WINDOWS\system32\qilxjntg.dll
2007-04-13 12:50:21 280676 ---hs---- C:\WINDOWS\system32\ddcyv.dll
2007-04-13 10:33:01 123972 --a------ C:\WINDOWS\system32\icvaxoaw.dll
2007-04-13 10:32:57 484741 ---hs---- C:\WINDOWS\system32\ilkkj.bak1<ILKKJ~1.BAK>
2007-04-13 01:58:03 484741 ---hs---- C:\WINDOWS\system32\ijjlm.bak1<IJJLM~1.BAK>
2007-04-13 00:43:11 92 --a------ C:\WINDOWS\system32\imon1.dat
2007-04-13 00:42:15 123972 --a------ C:\WINDOWS\system32\lrasdiqy.dll
2007-04-13 00:36:49 26694 --a------ C:\WINDOWS\system32\vtuvust.dll
2007-04-13 00:33:15 26694 --a------ C:\WINDOWS\system32\fccyxvt.dll
2007-04-13 00:32:34 26694 --a------ C:\WINDOWS\system32\fcccbyv.dll
2007-04-13 00:29:27 26694 --a------ C:\WINDOWS\system32\ljjihfc.dll
2007-04-13 00:29:07 26694 --a------ C:\WINDOWS\system32\vtussrp.dll
2007-04-13 00:12:32 0 d--h----- C:\WINDOWS\system32\Bifrost
2007-04-12 22:57:24 0 d-------- C:\Program Files\SlySoft
2007-04-12 22:15:08 0 d-------- C:\WINDOWS\system32\appmgmt
2007-04-12 21:22:55 34308 --a------ C:\WINDOWS\system32\Chip.dll
2007-04-12 21:22:26 24064 -----n--- C:\WINDOWS\system32\msxml3a.dll
2007-04-12 21:22:01 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-04-08 13:55:46 0 d--h----- C:\a2ef29859adfc836d6c7eb<A2EF29~1>
2007-04-05 12:23:06 0 d-------- C:\!KillBox
2007-04-04 12:47:09 54784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-04-04 12:46:41 0 d-------- C:\Program Files\IVT Corporation<IVTCOR~1>
2007-04-02 19:18:48 13396 --a------ C:\WINDOWS\system32\drivers\MTictwl.sys
2007-04-02 19:18:40 0 d-------- C:\Program Files\MagicTune Premium<MAGICT~1>
2007-03-27 00:38:58 0 d-------- C:\Program Files\MultiRes
2007-03-27 00:38:14 0 d-------- C:\Program Files\Radeon Omega Drivers<RADEON~1>
2007-03-27 00:10:42 0 d-------- C:\Program Files\The All-Seeing Eye<THEALL~1>
2007-03-26 23:55:24 0 d--hs---- C:\WINDOWS\ftpcache
2007-03-24 15:17:10 0 d-------- C:\WINDOWS\WBEM
2007-03-24 15:17:10 0 d-------- C:\WINDOWS\system32\pl-pl
2007-03-24 15:16:52 0 d--h---c- C:\WINDOWS\ie7
2007-03-24 15:15:47 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-03-24 14:20:26 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-24 14:20:17 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-24 14:18:12 0 d-------- C:\WINDOWS\system32\LogFiles
2007-03-24 14:18:12 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-24 14:18:08 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-23 01:05:18 5632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-03-23 01:05:17 159232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-03-23 01:05:14 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-22 11:37:15 0 d-------- C:\Program Files\RAR Password Cracker<RARPAS~1>
2007-03-20 20:10:57 0 d-------- C:\Program Files\PC Inspector File Recovery<PCINSP~1>
2007-03-19 21:21:02 0 d--h----- C:\WINDOWS\PIF
2007-03-18 13:30:02 5632 --a------ C:\WINDOWS\system32\CNMVS1W.DLL
2007-03-18 13:30:02 94720 --a------ C:\WINDOWS\system32\CNMLM1W.DLL
2007-03-18 13:06:03 82432 --a------ C:\WINDOWS\system32\CNBJMON2.DLL


-- Find3M Report ---------------------------------------------------------------

2007-04-18 11:23:02 0 d-------- C:\Program Files\DC++<DC__~1>
2007-04-16 19:33:13 0 d---s---- C:\Documents and Settings\adam\Dane aplikacji\Microsoft<MICROS~1>
2007-04-16 01:51:02 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\Azureus
2007-04-15 01:55:01 18776 --a------ C:\Documents and Settings\adam\Dane aplikacji\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-04-13 00:12:32 22040 ---h----- C:\Documents and Settings\adam\Dane aplikacji\addon.dat
2007-04-12 22:32:21 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\Ahead
2007-04-12 22:28:50 0 d-------- C:\Program Files\Common Files\Ahead
2007-04-12 21:22:02 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-01 23:43:42 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\Skype
2007-03-27 00:52:48 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\atitray
2007-03-25 23:58:59 448004 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-25 23:58:59 74230 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-18 16:33:03 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\Help
2007-03-17 12:55:52 0 d-------- C:\Program Files\Orban
2007-03-16 21:58:03 237568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-03-16 21:57:57 921600 --a------ C:\WINDOWS\system32\vorbisenc.dll<VORBIS~1.DLL>
2007-03-16 21:57:41 188416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-03-16 21:57:37 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-03-16 21:57:37 45056 --a------ C:\WINDOWS\system32\ogg.dll
2007-03-16 21:57:02 245760 --a------ C:\WINDOWS\system32\mplvpx.dll
2007-03-16 21:56:55 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-03-14 00:45:35 0 d-------- C:\Program Files\National Instruments<NATION~1>
2007-03-14 00:38:48 0 d-------- C:\Program Files\Common Files\Merge Modules<MERGEM~1>
2007-03-11 19:03:35 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\Adobe
2007-03-11 19:01:26 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-11 18:58:40 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-03-11 18:36:34 0 d-------- C:\Program Files\Nero
2007-03-09 14:57:49 0 d-------- C:\Program Files\Azureus
2007-03-09 13:07:42 0 d-------- C:\Program Files\Alcohol Soft<ALCOHO~1>
2007-03-03 21:16:20 0 d-------- C:\Program Files\Common Files\InterVideo<INTERV~1>
2007-03-03 21:16:12 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-03-03 19:55:45 0 d-------- C:\Program Files\iuLAB
2007-03-02 20:44:10 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1>
2007-03-01 20:32:37 0 d-------- C:\Program Files\RhinoSoft.com<RHINOS~1.COM>
2007-03-01 20:25:22 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\AdobeUM
2007-02-28 01:48:24 0 d-------- C:\Program Files\Setup Files<SETUPF~1>
2007-02-28 01:44:24 0 d-------- C:\Program Files\MSI
2007-02-27 23:00:37 0 d-------- C:\Program Files\Winamp
2007-02-27 23:00:16 86016 -----n--- C:\WINDOWS\system32\pxwma.dll
2007-02-27 16:31:15 0 d-------- C:\Program Files\MPlayer-20060908<MPLAYE~1>
2007-02-27 16:08:12 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\ACD Systems<ACDSYS~1>
2007-02-27 16:03:40 0 d-------- C:\Program Files\Common Files\ACD Systems<ACDSYS~1>
2007-02-27 16:03:38 0 d-------- C:\Program Files\ACD Systems<ACDSYS~1>
2007-02-27 15:47:38 0 d-------- C:\Program Files\Opera
2007-02-27 15:36:23 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\Macromedia<MACROM~1>
2007-02-27 15:20:01 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\Opera
2007-02-27 15:03:06 0 d-------- C:\Program Files\Common Files\Agnitum Shared<AGNITU~1>
2007-02-27 15:03:05 0 d-------- C:\Program Files\Agnitum
2007-02-27 14:46:50 0 d-------- C:\Program Files\Konnekt
2007-02-27 14:15:41 0 d-------- C:\Program Files\Tweak-XP Pro 3<TWEAK-~1>
2007-02-27 14:15:16 2368 --a------ C:\WINDOWS\system32\SVKP.sys
2007-02-27 14:08:02 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-27 14:07:38 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-27 14:07:05 0 d-------- C:\Program Files\XviD
2007-02-27 14:06:46 593938 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-02-27 14:06:46 0 d-------- C:\Program Files\x264
2007-02-27 14:05:38 0 d-------- C:\Program Files\Skype
2007-02-27 14:05:18 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\Real
2007-02-27 14:04:21 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-02-27 14:04:20 0 d-------- C:\Program Files\Common Files\Real
2007-02-27 14:04:15 0 d-------- C:\Program Files\Real
2007-02-27 14:03:35 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-02-27 14:02:03 0 d-------- C:\Program Files\Java
2007-02-27 14:01:38 0 d-------- C:\Program Files\Common Files\Java
2007-02-27 13:59:28 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-27 13:59:26 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-27 13:59:03 62 --ahs---- C:\Documents and Settings\adam\Dane aplikacji\desktop.ini
2007-02-27 13:52:47 0 d-------- C:\Program Files\Realtek AC97<REALTE~1>
2007-02-27 13:50:54 0 d-------- C:\Program Files\MarBit
2007-02-27 13:39:13 270336 --a------ C:\WINDOWS\system32\imon.dll
2007-02-27 13:37:25 0 d-------- C:\Program Files\totalcmd
2007-02-27 13:27:10 0 d-------- C:\Program Files\ati
2007-02-27 13:15:25 0 d-------- C:\Documents and Settings\adam\Dane aplikacji\Identities<IDENTI~1>
2007-02-27 13:10:38 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-02-27 13:10:12 0 -rahs---- C:\MSDOS.SYS
2007-02-27 13:10:12 0 -rahs---- C:\IO.SYS
2007-02-27 13:10:12 0 --a------ C:\CONFIG.SYS
2007-02-27 13:10:12 0 --a------ C:\AUTOEXEC.BAT
2007-02-27 13:08:56 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-02-27 13:08:53 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-02-27 13:08:08 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-27 13:08:01 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-27 13:07:16 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-27 13:06:51 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-27 13:06:47 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-27 13:06:40 0 d-------- C:\Program Files\Windows NT<WINDOW~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Konnekt"="\"C:\\Program Files\\Konnekt\\konnekt.exe\" /autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"OutpostFeedBack"="C:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dump:os_startup"
"Outpost Firewall"="C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe /waitservice"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\BlueSoleil.lnk"
"backup"="C:\\WINDOWS\\pss\\BlueSoleil.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\IVTCOR~1\\BLUESO~1\\BLUESO~1.EXE "
"item"="BlueSoleil"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GammaTray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\GammaTray.lnk"
"backup"="C:\\WINDOWS\\pss\\GammaTray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MAGICT~1\\GAMMAT~1.EXE "
"item"="GammaTray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^NCProTray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\NCProTray.lnk"
"backup"="C:\\WINDOWS\\pss\\NCProTray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SEC\\NATURA~1\\NCPROT~1.EXE "
"item"="NCProTray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Real Alternative\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SchSvr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wvremcon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wvremcon"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\wvremcon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1D531771-1AD5-4F27-87A2-6980501F9703}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=dword:00000001
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=hex:01,00,00,00

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkli
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljji
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtussrp

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\monsetup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{957daf4e-e172-11db-b91a-0000b49830da}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command I:\Recycled\ctfmon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5ce31c-ca2f-11db-8e50-0000b49830da}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command I:\Recycled\ctfmon.exe


-- End of ComboScan: finished at 2007-04-18 at 15:55:39 ------------------------

aszcik
~user
 
Posty: 11
Dołączenie: 23 Mar 2006, 20:24



Postprzez prog 18 Kwi 2007, 16:17

Tak jak myślałem, jest vundo.

Użyj tych narzędzi:
=> http://www.atribune.org/ccount/click.php?id=4
=> http://securityresponse.symantec.com/avcenter/FixVundo.exe
=> http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Skanuj (i usuwaj :D) dopóki nic nie znajdzie.

Po zabiegach daj loga z silentrunners i comboscan.
C2D E8400 3GHZ + Pentagram Freezone HP-120 ALCu, Asus P5Q SE /intel P45/, A-Data 2x2GB CL4 Extreme Edition, Sapphire Radeon HD4870 512mb/256bit DDR5, WD 640GB SATA, Lite-ON Super AllWrite DVD SATA, Chieftec 500W, Samsung 2032BW Black 20', Vista Ultimate x64
Exoriare aliquis nostris ex ossibus ultor...
Awatar użytkownika
prog
~user
 
Posty: 4043
Dołączenie: 23 Mar 2005, 22:02
Miejscowość: /home/prog/
Pochwały: 232




Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 11 gości